libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

Fix MembershipType so that NPE is not thrown when an empty member is found within a group

Browse source 
Closes #25883

Signed-off-by: Stefan Guilhen <sguilhen@redhat.com>
This commit is contained in:
Stefan Guilhen 2024-02-09 10:45:07 -03:00 committed by Alexander Schwartz
parent 20e535a3f6
commit d3ae075a33
2 changed files with 8 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
federation/ldap/src/main/java/org/keycloak/storage/ldap/mappers/membership/MembershipType.java
View file

@ -57,7 +57,7 @@ public enum MembershipType {
Set<LDAPDn> result = new LinkedHashSet<>(); Set<LDAPDn> result = new LinkedHashSet<>();
for (String membership : allMemberships) { for (String membership : allMemberships) {
LDAPDn childDn = LDAPDn.fromString(membership); LDAPDn childDn = LDAPDn.fromString(membership);
if (childDn.getFirstRdn().getAttrValue(rdnAttr) != null && childDn.isDescendantOf(requiredParentDn)) { if (childDn.isDescendantOf(requiredParentDn) && childDn.getFirstRdn().getAttrValue(rdnAttr) != null) {
result.add(childDn); result.add(childDn);
} }
} }

8
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/federation/ldap/LDAPGroupMapperTest.java
View file

@ -513,7 +513,13 @@ public class LDAPGroupMapperTest extends AbstractLDAPTest {
nonExistentLdapUser.setDn(nonExistentDn); nonExistentLdapUser.setDn(nonExistentDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser); LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, nonExistentLdapUser);
// 4 - Check group members. Just existing user rob should be present // 4 - Add an empty member to the same LDAP group
LDAPDn emptyDn = LDAPDn.fromString("");
LDAPObject emptyUser = new LDAPObject();
emptyUser.setDn(emptyDn);
LDAPUtils.addMember(ldapProvider, MembershipType.DN, LDAPConstants.MEMBER, "not-used", group2, emptyUser);
// 5 - Check group members. Just existing user rob should be present
groupMapper.syncDataFromFederationProviderToKeycloak(appRealm); groupMapper.syncDataFromFederationProviderToKeycloak(appRealm);
GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group2"); GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(session, appRealm, "/group2");
List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5) List<UserModel> groupUsers = session.users().getGroupMembersStream(appRealm, kcGroup2, 0, 5)